CN113162904A - Power monitoring system network security alarm evaluation method based on probability graph model - Google Patents
Abstract
The invention discloses a power monitoring system network security alarm evaluation method based on a probabilistic graphical model, belonging to the technical field of power monitoring system network security. The method can quickly identify the alarms that genuinely pose a high threat among the massive network security alarms of a power monitoring system, which is of great significance for subsequent emergency response and rapid recovery of the service system.
Description
Technical Field
The invention relates to the technical field of network security of power monitoring systems, in particular to a power monitoring system network security alarm evaluation method based on a probability graph model.
Background
With the development of power grid technology, automated systems are used ever more widely in the power production environment, and the power monitoring system plays an increasingly important role in actual production. Once a network security event occurs in a power monitoring system, it can cause incalculable losses. The Stuxnet attack on Iranian nuclear facilities, the large-area blackout of the power grid in western Ukraine caused by a network security event, and the repeated large-area blackouts suffered by the Venezuelan power system after network security events all remind us that power monitoring systems face serious network security risks. Therefore, each power enterprise has gradually established a power monitoring system network security management platform or situational awareness system. However, such systems generate massive numbers of network security alarms every day, far exceeding the troubleshooting capacity of each power enterprise's security operation and maintenance personnel, and among these alarms the proportion that are genuinely threatening (i.e. that indicate the system has really been compromised) is very small. Therefore, in order to reduce the alarm-troubleshooting burden on operation and maintenance personnel, improve the ability to discover security threats, and ensure that the power monitoring system can respond effectively and in time to various network security risks, the alarm logs generated by security equipment need to be analyzed further, and the key alarms with a high threat level screened out.
Disclosure of Invention
In view of the above-mentioned drawbacks in the background art, the present invention provides a power monitoring system network security alarm evaluation method based on a probabilistic graphical model to solve the problems in the background art.
In order to screen out the alarms that genuinely carry a high threat level from the massive volume of alarms, operation and maintenance personnel of power monitoring systems have established a series of screening strategies based on alarm characteristics, such as focusing mainly on alarms of high and medium risk level, alarms from specific protection rules, alarms concerning sensitive service systems, alarms triggered by malicious source IPs, and the like. However, in a real operation and maintenance environment these screening strategies have limited effect, mainly because the features they rely on cannot effectively describe the threat level of an alarm. In an actual operation and maintenance scenario, the part of an alarm that operation and maintenance personnel pay most attention to during troubleshooting is its attack payload, since the attack behavior information is contained in the attack payload. Therefore, in order to screen out high-threat alarms, the characteristic information contained in the attack payload must be taken into account.
The attack payload of an alarm contains features such as the attack technique and attack tool used by the attacker, for example a file path, an IP address, a domain name, a URL, an operating system command, a script function, an SQL statement, a system table name, and the like. In an actual network environment, the structure of an alarm's attack payload varies with the type of service, the communication protocol, and so on, so the attack payload is unstructured text data. In prior work, Natural Language Processing (NLP) technology provides a number of methods for processing unstructured text data: through word segmentation, Doc2vec and similar techniques, the attack payload can be converted into a vector representation.
In practice, the above method is often ineffective when processing the attack payload data of alarms, and the resulting vector representation still cannot effectively represent the features of the alarm. The reason is that natural language processing techniques cannot really "understand" the attacker's intent or the attack technique employed. That is, the vector representation of an alarm obtained by NLP methods mostly exploits the statistical characteristics of the original attack payload, and these statistical features do not effectively describe the attack techniques contained in the alarm. Therefore, expert knowledge is introduced into the feature extraction process so that the feature extraction algorithm can really "understand" the alarm.
A large amount of security expert knowledge must be introduced in the process of extracting alarm features before the features of the attack payload can be extracted effectively. Introducing expert knowledge requires the security expert to provide the feature extraction rules in the form of regular expressions; in this sense, so-called artificial intelligence still has to be done manually. That is, the feature extraction process is equivalent to a process of introducing expert knowledge. This step has a great influence on the subsequent alarm evaluation: the more expert knowledge is introduced, the higher the accuracy and the better the effect of the subsequent alarm evaluation.
In a real power monitoring system network environment, most security equipment alarms are low-risk, and the proportion of genuinely threatening alarms is very small. Low-risk alarms are generated by scanning, probing and similar activities. Scanning and probing are generally carried out with automated tools, so the alarms generated when such a tool scans different hosts often have similar attack payload features. In a real attack, by contrast, the attacker often adopts some unique attack techniques in order to compromise a specific host, so the alarms generated by the attack have unique attack payload features. Therefore, an alarm can be evaluated according to the uniqueness of its attack payload features: the more unique the alarm's features, the higher its threat level.
Feature extraction: as mentioned above, the attack payload features of each alarm are extracted by regular expression matching, and the extracted features are encoded to obtain a feature vector.
Alarm aggregation: the alarms are aggregated according to source IP, destination IP and destination port to obtain alarm sequences. The alarms in each sequence represent the attack actions taken by an attacker from one source IP against one destination IP. Here, the attack behavior can be considered to be described by a series of feature vectors.
Similarity analysis: the similarity between the aggregated alarm sequences is analyzed. A measure is selected to evaluate the similarity between any two alarm sequences, and according to this measure the alarm sequences with low similarity to all other sequences are found. The alarms in these alarm sequences are marked as high-risk alarms.
In the third step, the similarity of the alarm sequences needs to be evaluated. Each alarm sequence is composed of a series of feature vectors, and the alarm sequences differ in length, that is, in the number of feature vectors they contain. A method that can compare the similarity of two alarm sequences of different lengths is therefore needed. One possible method is to compute the similarity between the feature vectors of the two alarm sequences, record these similarities, and then take a statistic of them, such as the minimum, the median or the mean, as the similarity of the alarm sequences.
Since a graph model can clearly represent the relationships between entities, it can be used to assist in evaluating the similarity of alarm sequences in the alarm evaluation process. A graph model is composed of vertices and edges. In this problem, each alarm sequence is taken as a vertex, and edges are constructed according to the similarity of the sequences: a similarity threshold k is selected, and if the similarity between two sequences computed by the above method is greater than the threshold, an edge is established between the two corresponding vertices.
The degree of each vertex differs, which reflects the difference in similarity between the corresponding alarm sequences. In a graph generated from actual intranet alarm data there are many isolated vertices, that is, vertices with degree 0. The alarm sequences corresponding to these vertices have very low similarity to all other sequences, so the alarms they contain can be considered to carry a higher threat. Likewise, the alarms in the sequences corresponding to vertices of lower degree have a higher threat level. By this method, the alarms with a higher threat level can be screened out.
Specifically, in order to achieve the above object, the present invention provides a power monitoring system network security alarm evaluation method based on a probabilistic graphical model, which includes the following steps:
S1, analyzing the original alarms of the network security management platform of the power monitoring system;
S2, forming a characteristic alarm sequence of the power monitoring system: classifying the source IP addresses, destination ports, transport layer protocols and alarm levels of the alarm information by using a clustering algorithm, combining the network security management platform of the power monitoring system with the equipment asset ledger of the regulation and control cloud platform to obtain the equipment name corresponding to each IP, and thereby obtaining an alarm sequence of the operating characteristics of the power monitoring system;
S3, extracting the alarm feature vectors of the power monitoring system: extracting the attack payload features of each network security alarm of the power monitoring system by regular expression matching, and encoding them to obtain a feature vector;
S4, comparing the similarity of the feature vectors;
S5, building the probabilistic graph model: taking the alarm sequences as vertices and the similarity between sequences as edges, setting a similarity threshold k, and establishing an edge whenever the similarity between any two alarm sequences is greater than k;
S6, judging the magnitude of the alarm threat through the probabilistic graph model of the alarm threat.
In another embodiment of the present invention, step S3 includes: security expert knowledge is introduced in the process of extracting the alarm features.
In another embodiment of the present invention, in step S2: the alarms are aggregated according to source IP address, destination IP address and destination port to obtain alarm sequences; the alarms in each alarm sequence represent the attack actions taken by an attacker from a source IP address against a destination IP address.
In another embodiment of the present invention, a statistic of the feature vector similarities is taken as the similarity of the alarm sequences.
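As an added worked example (not code from the patent or its applicant), the following Python implements the three-step outline in the disclosure above and steps S2 to S6 on constructed alarms. The regular expression rules, the Jaccard measure between feature vectors, the mean as the sequence-level statistic, the threshold k = 0.6 and the sample alarms are all illustrative assumptions; the patent specifies none of them.

```python
import re
import statistics
from collections import defaultdict
from itertools import combinations

# Constructed regular-expression rules standing in for the expert-knowledge
# feature extractors of step S3 (the patent does not publish its own rules).
FEATURE_RULES = {
    "path_traversal": re.compile(r"\.\./"),
    "sql_keyword":    re.compile(r"\b(?:select|union|insert|drop)\b", re.I),
    "system_table":   re.compile(r"information_schema|pg_catalog", re.I),
    "os_command":     re.compile(r"(?:;|\|\|?|&&)\s*(?:cat|wget|curl|bash)\b"),
    "script_func":    re.compile(r"\b(?:eval|system|exec)\s*\("),
    "passwd_file":    re.compile(r"etc/passwd"),
    "scanner_ua":     re.compile(r"nikto|sqlmap", re.I),
    "url_encoded":    re.compile(r"%[0-9a-fA-F]{2}"),
}

def extract_features(payload):
    """Step S3: regex matching over the attack payload, encoded as a 0/1 vector."""
    return tuple(1 if rule.search(payload) else 0 for rule in FEATURE_RULES.values())

def aggregate(alarms):
    """Step S2: group alarms by (source IP, destination IP, destination port).
    Each group is one alarm sequence, i.e. a list of feature vectors."""
    sequences = defaultdict(list)
    for alarm in alarms:
        key = (alarm["src_ip"], alarm["dst_ip"], alarm["dst_port"])
        sequences[key].append(extract_features(alarm["payload"]))
    return dict(sequences)

def jaccard(u, v):
    """Similarity of two 0/1 feature vectors (assumed measure; not fixed by the patent)."""
    inter = sum(1 for a, b in zip(u, v) if a and b)
    union = sum(1 for a, b in zip(u, v) if a or b)
    return inter / union if union else 1.0  # two all-zero vectors are identical

def sequence_similarity(seq_a, seq_b, stat=statistics.mean):
    """Step S4: score every vector of one sequence against every vector of the
    other (the sequences may differ in length) and reduce the scores with a
    statistic; the patent names the minimum, median and mean as candidates."""
    return stat([jaccard(u, v) for u in seq_a for v in seq_b])

def build_graph(sequences, k, stat=statistics.mean):
    """Step S5: one vertex per alarm sequence, an edge wherever similarity > k."""
    degree = {key: 0 for key in sequences}
    edges = []
    for a, b in combinations(sequences, 2):
        if sequence_similarity(sequences[a], sequences[b], stat) > k:
            edges.append((a, b))
            degree[a] += 1
            degree[b] += 1
    return degree, edges

def rank_by_threat(degree):
    """Step S6: the lower the degree, the higher the threat; isolated vertices
    (degree 0) are listed first."""
    return sorted(degree.items(), key=lambda item: (item[1], item[0]))

def evaluate(alarms, k=0.6, stat=statistics.mean):
    """Whole pipeline: returns ([(sequence key, degree)] ranked by threat, edges)."""
    degree, edges = build_graph(aggregate(alarms), k, stat)
    return rank_by_threat(degree), edges

def _alarm(src, dst, port, payload):
    return {"src_ip": src, "dst_ip": dst, "dst_port": port, "payload": payload}

# Constructed sample alarms: one scanner sweeping three hosts with the same
# tool (near-identical payloads) and one source whose payloads appear nowhere else.
SCAN = "GET /../../etc/passwd HTTP/1.1 User-Agent: Nikto"
SCAN_ENC = "GET /cgi-bin/..%2f..%2fetc/passwd HTTP/1.1 User-Agent: Nikto"
SAMPLE_ALARMS = [
    _alarm("10.0.0.50", "192.168.1.10", 80, SCAN),
    _alarm("10.0.0.50", "192.168.1.10", 80, SCAN_ENC),
    _alarm("10.0.0.50", "192.168.1.11", 80, SCAN),
    _alarm("10.0.0.50", "192.168.1.11", 80, SCAN_ENC),
    _alarm("10.0.0.50", "192.168.1.12", 80, SCAN),
    _alarm("10.0.0.50", "192.168.1.12", 80, SCAN_ENC),
    _alarm("10.0.0.99", "192.168.1.20", 3306,
           "id=1 UNION SELECT table_name FROM information_schema.tables"),
    _alarm("10.0.0.99", "192.168.1.20", 3306, "id=1; DROP TABLE audit_log"),
]

if __name__ == "__main__":
    ranked, edges = evaluate(SAMPLE_ALARMS)
    print(f"{len(edges)} edge(s) at k=0.6")
    for key, deg in ranked:
        print(f"degree {deg}: {key[0]} -> {key[1]}:{key[2]}")
```

With these inputs the three scanner sequences are joined to each other (mean similarity 0.75), while the single SQL-style sequence is an isolated vertex and is ranked first.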
Compared with the prior art, the invention has the following advantages: the burden of troubleshooting alarms on operation and maintenance personnel is reduced, the ability to discover security threats is improved, the power monitoring system can respond effectively and in time to various network security risks, and key alarms with a high threat level can be screened out.
Drawings
Fig. 1 is a flowchart of a power monitoring system network security alarm evaluation method based on a probabilistic graphical model in an embodiment of the present invention.
FIG. 2 is a probabilistic graphical model in an embodiment of the invention.
Detailed Description
As shown in fig. 1, the present invention provides a power monitoring system network security alarm evaluation method based on a probabilistic graphical model, which includes the following steps:
S1, analyzing the original alarms of the network security management platform of the power monitoring system;
merging and screening the original network security alarm data of the power monitoring system;
S2, forming a characteristic alarm sequence of the power monitoring system;
classifying the source IP addresses, destination ports, transport layer protocols and alarm levels of the alarm information by using a clustering algorithm, combining the network security management platform of the power monitoring system with the equipment asset ledger of the regulation and control cloud platform to obtain the equipment name corresponding to each IP, and thereby obtaining an alarm sequence of the operating characteristics of the power monitoring system;
S3, extracting the alarm feature vectors of the power monitoring system;
extracting the attack payload features of each network security alarm of the power monitoring system by regular expression matching, and encoding them to obtain a feature vector;
S4, comparing the similarity of the feature vectors;
recording the similarity of the feature vectors, where the lower the value, the greater the alarm threat;
S5, building the probabilistic graph model: taking the alarm sequences as vertices and the similarity between sequences as edges, setting a similarity threshold k, and establishing an edge whenever the similarity between any two alarm sequences is greater than k;
the probabilistic graph model is used to characterize the association and similarity of the individual alarm sequences;
S6, judging the magnitude of the alarm threat through the probabilistic graph model of the alarm threat.
Isolated vertices indicate that the corresponding network security alarm feature vectors have very low similarity to those of the other power monitoring system alarm sequences, and such alarms are considered to carry a higher threat.
The invention reduces the burden of troubleshooting alarms on operation and maintenance personnel, improves the ability to discover security threats, ensures that the power monitoring system can respond effectively and in time to various network security risks, and can screen out key alarms with a high threat level.
In another embodiment of the present invention, in step S2: the alarms are aggregated according to source IP address, destination IP address and destination port to obtain alarm sequences; the alarms in each alarm sequence represent the attack actions taken by an attacker from a source IP address against a destination IP address.
In another embodiment of the present invention, a statistic of the feature vector similarities is taken as the similarity of the alarm sequences.
In an embodiment of the present invention, as shown in fig. 2, 7 alarm sequences are given along five dimensions (alarm device name, source IP address, destination IP address, destination port and transport layer protocol): host A, source IP1, destination IP1, 2204, 104; host B, source IP2, destination IP2, 3306, 104; host C, source IP3, destination IP3, 1234, 104; host D, source IP4, destination IP4, 2666, 61850; host E, source IP5, destination IP5, 3223, 61850; host F, source IP6, destination IP6, 3555, 61850; host G, source IP7, destination IP7, 4455, 61850. The probabilistic graph model in fig. 2 is drawn with the alarm sequences as vertices and the similarity between sequences as edges. The two alarm sequences (host B, source IP2, destination IP2, 3306, 104) and (host E, source IP5, destination IP5, 3223, 61850) are each connected by two edges, while the other 5 alarm sequences are each connected by more than 3 edges; therefore these two alarm sequences, host B and host E, carry the higher threat.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.
Claims (4)
1. A power monitoring system network security alarm evaluation method based on a probability graph model is characterized by comprising the following steps:
S1, analyzing the original alarms of the network security management platform of the power monitoring system;
s2, forming a characteristic alarm sequence of the power monitoring system: classifying source IP addresses, target ports, transport layer protocols and alarm levels of alarm information by using a clustering algorithm, synchronously combining a network security management platform of the power monitoring system and a regulation and control cloud platform equipment asset ledger to obtain equipment names corresponding to the IP, and further obtaining an alarm sequence of the operating characteristics of the power monitoring system;
s3, extracting alarm characteristic vectors of the power monitoring system: extracting attack load characteristics of each power monitoring system network safety alarm by using a regular expression matching method, and obtaining a characteristic vector after encoding;
s4, carrying out similarity comparison on the feature vectors;
s5, making a probability graph model: setting a similarity threshold value as k by taking the alarm sequences as vertexes and the similarity between the sequences as edges, and establishing one edge if the similarity between any two alarm sequences is greater than k;
S6, judging the magnitude of the alarm threat through the probability graph model of the alarm threat.
2. The power monitoring system network security alarm evaluation method based on probabilistic graphical model as claimed in claim 1, wherein said step S3 comprises: safety expert knowledge is required to be introduced in the process of extracting the alarm characteristics.
3. The power monitoring system network security alarm evaluation method based on probabilistic graphical model as claimed in claim 1, wherein in the step S2: aggregating the alarm according to the source IP address, the destination IP address and the destination port to obtain an alarm sequence; the alarms in each of said alarm sequences represent attack actions taken by an attacker from a source IP address to a destination IP address.
4. The power monitoring system network security alarm evaluation method based on the probability map model as claimed in claim 1, wherein the statistical value of the similarity is taken as the similarity of the alarm sequence.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110173001.6A CN113162904B (en) | 2021-02-08 | 2021-02-08 | Power monitoring system network security alarm evaluation method based on probability graph model |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113162904A true CN113162904A (en) | 2021-07-23 |
CN113162904B CN113162904B (en) | 2022-11-08 |
Family ID: 76883032
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110173001.6A Active CN113162904B (en) | 2021-02-08 | 2021-02-08 | Power monitoring system network security alarm evaluation method based on probability graph model |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113162904B (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471623A (en) * | 2015-11-16 | 2016-04-06 | 中国烟草总公司江苏省公司 | Key IP address safety alarm association analysis method based on fuzzy scene |
CN109922069A (en) * | 2019-03-13 | 2019-06-21 | 中国科学技术大学 | The multidimensional association analysis method and system that advanced duration threatens |
CN110213077A (en) * | 2019-04-18 | 2019-09-06 | 国家电网有限公司 | A kind of method, apparatus and system of determining electric power monitoring system security incident |
CN110460558A (en) * | 2018-05-07 | 2019-11-15 | 南京联成科技发展股份有限公司 | A kind of method and system based on the discovery of visual challenge model |
US20190379700A1 (en) * | 2018-06-12 | 2019-12-12 | Netskope, Inc. | Systems and methods for alert prioritization using security events graph |
CN110650156A (en) * | 2019-10-23 | 2020-01-03 | 北京天融信网络安全技术有限公司 | Method and device for clustering relationships of network entities and method for identifying network events |
CN110839019A (en) * | 2019-10-24 | 2020-02-25 | 国网福建省电力有限公司 | Network security threat tracing method for power monitoring system |
CN111787000A (en) * | 2020-06-30 | 2020-10-16 | 绿盟科技集团股份有限公司 | Network security evaluation method and electronic equipment |
CN112101617A (en) * | 2020-08-11 | 2020-12-18 | 复旦大学 | Power grid fault severity prediction method based on hierarchical graph convolution |
CN112118141A (en) * | 2020-09-21 | 2020-12-22 | 中山大学 | Communication network-oriented alarm event correlation compression method and device |
CN112163682A (en) * | 2020-10-19 | 2021-01-01 | 北京邮电大学 | Power dispatching automation system fault tracing method based on information difference graph model |
Non-Patent Citations (1)
Title |
---|
Lu Xianguang (鲁显光): "Alarm correlation algorithm based on improved FP-growth", Computer Science (《计算机科学》) * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116915507A (en) * | 2023-09-12 | 2023-10-20 | 奇安星城网络安全运营服务(长沙)有限公司 | Computer network security analysis system based on security signal matching |
CN116915507B (en) * | 2023-09-12 | 2023-12-05 | 奇安星城网络安全运营服务(长沙)有限公司 | Computer network security analysis system based on security signal matching |
Also Published As
Publication number | Publication date |
---|---|
CN113162904B (en) | 2022-11-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |